How to create a self-sign certificate to sign a MimeKit Message?
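How can I create a development self-signed certificate that is suitable for signing a MimeKit message?
MimeKit has its own CmsSigner. When I try to load a certificate into a MimeKit CmsSigner: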
X509Certificate2 cert = new X509Certificate2(@"cert.pfx", "xpto", X509KeyStorageFlags.Exportable);
var signer = new MimeKit.Cryptography.CmsSigner(cert);
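It throws:
"The certificate cannot be used for signing."
The problem is that the default algorithm used by CmsSigner must be the same as the algorithm used to create the certificate's key (SHA1 in my case).
Here is how to load it for an S/MIME certificate: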
X509Certificate2 cert = new X509Certificate2(@"ca.p12", "xpto", X509KeyStorageFlags.Exportable);
var signer = new CmsSigner(cert);
signer.DigestAlgorithm = DigestAlgorithm.Sha1;
MultipartSigned.Create(signer, mimeMessage.Body);
var message = new MimeMessage() { ... };
// Load your x509 certificate
X509Certificate2 cert = new X509Certificate2("d:\\mycer.pfx", "123456789", X509KeyStorageFlags.Exportable);
// CmsSigner = CMS = Cryptographic Message Syntax = a standard syntax for storing signed and/or encrypted data
var signer = new CmsSigner(cert);
signer.DigestAlgorithm = DigestAlgorithm.Sha256;
// This will sign the message body using our certificate which includes our organisation name
// Needs this package to run: https://www.nuget.org/packages/System.Data.SQLite/
message.Body = MultipartSigned.Create(signer, message.Body);
// Getting the private key from the pfx file
// https://www.asptricks.net/2016/09/how-to-export-private-key-from.html
RSACryptoServiceProvider rsa = (RSACryptoServiceProvider)cert.PrivateKey;
AsymmetricCipherKeyPair keyPair = DotNetUtilities.GetRsaKeyPair(rsa);
var myCAprivateKey = keyPair.Private;
// Now sign the message with the private key only to authenticate DKIM
DkimSigner Signer = new DkimSigner(
    myCAprivateKey,
    "mydomain.com", // your domain name
    "myDKIM") // The dkim selector on your domain's DNS (txt record)
{
    HeaderCanonicalizationAlgorithm = DkimCanonicalizationAlgorithm.Relaxed,
    BodyCanonicalizationAlgorithm = DkimCanonicalizationAlgorithm.Relaxed,
    AgentOrUserIdentifier = "@mydomain.com", // your domain name
    QueryMethod = "dns/txt",
    SignatureAlgorithm = DkimSignatureAlgorithm.RsaSha1
};
// Headers covered by the DKIM signature (assumed list; `headers` was not defined in the original snippet)
var headers = new HeaderId[] { HeaderId.From, HeaderId.Subject, HeaderId.Date };
Signer.Sign(message, headers);
// do your sending logic
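
An added example, not part of either answer or of MimeKit: one way to create the development self-signed certificate the question asks for, using .NET's built-in CertificateRequest API (.NET Core 2.0+ / .NET Framework 4.7.2+). The subject name, e-mail address, file name and the DEV_PFX_PASSWORD environment variable are assumptions; the certificate is marked for signing use through the digitalSignature key usage and the emailProtection EKU that S/MIME signing certificates normally carry.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class DevSmimeCert
{
    // Constructed sample values (assumptions); replace with your own.
    const string Email = "dev@example.test";
    const string PfxPath = "dev-smime.pfx";

    static void Main()
    {
        // Keep the PFX password out of source code.
        string password = Environment.GetEnvironmentVariable("DEV_PFX_PASSWORD")
            ?? throw new InvalidOperationException("Set DEV_PFX_PASSWORD first.");

        using RSA rsa = RSA.Create(2048);
        var request = new CertificateRequest(
            "CN=Dev mail signer", rsa,
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);

        // End-entity certificate, not a CA.
        request.CertificateExtensions.Add(
            new X509BasicConstraintsExtension(false, false, 0, true));
        // Key usage that permits creating signatures.
        request.CertificateExtensions.Add(new X509KeyUsageExtension(
            X509KeyUsageFlags.DigitalSignature | X509KeyUsageFlags.NonRepudiation, true));
        // Extended key usage: id-kp-emailProtection (1.3.6.1.5.5.7.3.4).
        request.CertificateExtensions.Add(new X509EnhancedKeyUsageExtension(
            new OidCollection { new Oid("1.3.6.1.5.5.7.3.4") }, false));
        // The sender address goes in the subject alternative name.
        var san = new SubjectAlternativeNameBuilder();
        san.AddEmailAddress(Email);
        request.CertificateExtensions.Add(san.Build());

        // Short lifetime: this is a development certificate only.
        DateTimeOffset now = DateTimeOffset.UtcNow;
        using X509Certificate2 cert = request.CreateSelfSigned(now.AddMinutes(-5), now.AddDays(90));
        File.WriteAllBytes(PfxPath, cert.Export(X509ContentType.Pfx, password));

        // Reload the PFX and confirm the private key and key usage survived the export.
        using var loaded = new X509Certificate2(PfxPath, password);
        Console.WriteLine($"Has private key: {loaded.HasPrivateKey}");
        foreach (X509Extension ext in loaded.Extensions)
            if (ext is X509KeyUsageExtension ku)
                Console.WriteLine($"Key usage: {ku.KeyUsages}");
    }
}
```

The resulting dev-smime.pfx can be loaded with the X509Certificate2 constructor shown in the answers; recipients will not trust it until they import the certificate explicitly.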